
Mitigating Security Update Risks Part 4: Testing Procedures for ePO, EDR, ENS, and HX

A Professional Services Perspective

Trellix’s technology solutions offer customers Transparency, Choice, and Responsibility with regard to software and security content updates, as shown in Part 1, Part 2, and Part 3 of this blog series. In Part 4, we explore specific test cases and procedures that customer administrators can use to validate the integrity and functionality of Trellix software deployed in the environments they manage.


Best Practices

Some of the test cases shown here are labor-intensive and are not meant to be run against every endpoint or server in the environment. Customer administrators should identify a small group of designated test systems, preferably in the hands of knowledgeable technical staff, where disruptions can be detected without risk of interrupting production activities. For servers, development and pre-production environments are ideal for these activities.

Product Version Updates

Prior to updating Trellix products to a new product version, determine whether application performance testing baseline metrics exist for third-party software used by the organization. Identify any existing performance issues that may be a concern, and baseline them before upgrading or installing Trellix products.

Items to consider measuring before and after installing or updating Trellix products include:

  • Average time for system startup
  • Average time for user logins
  • Average CPU utilization
  • Average memory utilization
  • Average disk I/O utilization
  • Critical application-specific performance metrics
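
One way to turn the before/after measurements listed above into a repeatable pass/fail check; this is an added example, not Trellix code or part of the original post. The sample values are constructed, and the metric names, tolerances, and minimum sample count are assumptions to replace with your own.

```python
import math
from statistics import mean

# Assumed tolerances (not from the article): maximum allowed relative
# increase over baseline for each metric.
TOLERANCE = {
    "startup_seconds": 0.10,
    "login_seconds": 0.10,
    "cpu_percent": 0.15,
    "memory_mb": 0.15,
    "disk_io_percent": 0.20,
}
MIN_SAMPLES = 5  # assumed: fewer samples than this is inconclusive


def p95(values):
    """Nearest-rank 95th percentile, so short spikes are not averaged away."""
    ordered = sorted(values)
    return ordered[math.ceil(0.95 * len(ordered)) - 1]


def compare_to_baseline(baseline, after, tolerance=TOLERANCE):
    """Return {metric: (passed, reason)}; passed is True, False or None."""
    results = {}
    for metric, tol in tolerance.items():
        before, now = baseline.get(metric, []), after.get(metric, [])
        if len(before) < MIN_SAMPLES or len(now) < MIN_SAMPLES:
            # Never report a pass for a metric that was not really measured.
            results[metric] = (None, "not enough samples")
            continue
        limit = 1.0 + tol
        if mean(now) > mean(before) * limit:
            results[metric] = (False, "mean above tolerance")
        elif p95(now) > p95(before) * limit:
            results[metric] = (False, "p95 above tolerance")
        else:
            results[metric] = (True, "within tolerance")
    return results


# Constructed sample data for one designated test host.
BASELINE = {
    "startup_seconds": [41, 43, 42, 40, 44],
    "login_seconds": [8, 9, 8, 9, 8],
    "cpu_percent": [12, 14, 13, 15, 12, 13],
    "memory_mb": [2100, 2150, 2120, 2130, 2110, 2140],
    "disk_io_percent": [20, 22, 21, 23, 20, 22],
}
AFTER_UPDATE = {
    "startup_seconds": [42, 44],                      # too few reboots measured
    "login_seconds": [8, 9, 9, 8, 9],
    "cpu_percent": [13, 15, 14, 16, 13, 14],
    "memory_mb": [2600, 2650, 2620, 2700, 2610, 2640],
    "disk_io_percent": [20, 22, 21, 23, 20, 40],      # one large spike
}

if __name__ == "__main__":
    labels = {True: "TRUE", False: "FALSE", None: "INCONCLUSIVE"}
    for metric, (passed, reason) in compare_to_baseline(BASELINE, AFTER_UPDATE).items():
        print(f"{metric:16} {labels[passed]:12} {reason}")
```

The disk I/O row fails on the 95th percentile even though its mean stays within tolerance, which is the case an average-only comparison would miss.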

A note about EDR Dynamic Updates

Administrators wishing to perform canary testing of EDR updates must disable the feature “Dynamic Content Updates” and select “ePO Push Content Update” instead.

Endpoint Security 10 (ENS)

Test Cases for ENS

| Test ID | Applicable to (type of change)? | Test Name | Description/Procedure | Pass? | Test Date |
|---|---|---|---|---|---|
| ENS-001 | Daily DAT update | Canary Test | Configure a select group of machines to use the Evaluation Branch to pull their DAT updates, give them a short ASCI, and observe if they experience issues | TRUE/FALSE | |
| ENS-002 | Daily DAT update | Test vs Critical Applications - Memory | Confirm you have loaded the latest DAT on a Test machine and load a selection of your critical business apps and observe Memory impact, this can be automated with third party tools | TRUE/FALSE | |
| ENS-003 | Daily DAT update | Test vs Critical Applications - CPU | Confirm you have loaded the latest DAT on a Test machine and load a selection of your critical business apps and observe CPU impact, this can be automated with third party tools | TRUE/FALSE | |
| ENS-004 | Daily DAT update | Test vs Critical Applications - Disk I/O | Confirm you have loaded the latest DAT on a Test machine and load a selection of your critical business apps and observe Disk I/O impact, this can be automated with third party tools | TRUE/FALSE | |
| ENS-005 | Daily DAT update | EICAR test | Confirm you have loaded the latest DAT on a Test machine and attempt to access the EICAR test file (available eicar.org), success if a threat detection occurs | TRUE/FALSE | |
| ENS-006 | Exploit Prevention Content | Canary Test | Configure a select group of machines to use the Evaluation Branch to pull their Exploit Prevention Content updates, give them a short ASCI, and observe if they experience issues | TRUE/FALSE | |
| ENS-007 | Exploit Prevention Content | Test vs Critical Applications - Memory | Confirm you have loaded the latest Exploit Prevention Content on a Test machine and load a selection of your critical business apps and observe Memory impact, this can be automated with third party tools | TRUE/FALSE | |
| ENS-008 | Exploit Prevention Content | Test vs Critical Applications - CPU | Confirm you have loaded the latest Exploit Prevention Content on a Test machine and load a selection of your critical business apps and observe CPU impact, this can be automated with third party tools | TRUE/FALSE | |
| ENS-009 | Exploit Prevention Content | Test vs Critical Applications - Disk I/O | Confirm you have loaded the latest Exploit Prevention Content on a Test machine and load a selection of your critical business apps and observe Disk I/O impact, this can be automated with third party tools | TRUE/FALSE | |
| ENS-010 | Exploit Prevention Content | Validate Exploit Prevention Functionality | Use your third party vulnerability management software to attempt a penetration test vs. your test machine with the latest exploit prevention content with all rules enabled | TRUE/FALSE | |
| ENS-011 | Engine Updates | Canary Test | Configure a select group of machines to use the Evaluation Branch to pull their engine updates, give them a short ASCI, and observe if they experience issues | TRUE/FALSE | |
| ENS-012 | Engine Updates | Test vs Critical Applications - Memory | Confirm you have loaded the latest engine on a Test machine and load a selection of your critical business apps and observe Memory impact, this can be automated with third party tools | TRUE/FALSE | |
| ENS-013 | Engine Updates | Test vs Critical Applications - CPU | Confirm you have loaded the latest engine on a Test machine and load a selection of your critical business apps and observe CPU impact, this can be automated with third party tools | TRUE/FALSE | |
| ENS-014 | Engine Updates | Test vs Critical Applications - Disk I/O | Confirm you have loaded the latest engine on a Test machine and load a selection of your critical business apps and observe Disk I/O impact, this can be automated with third party tools | TRUE/FALSE | |
| ENS-015 | Engine Updates | EICAR test | Confirm you have loaded the latest engine on a Test machine and attempt to access the EICAR test file (available eicar.org), success if a threat detection occurs | TRUE/FALSE | |
| ENS-016 | Policy Change - Enable/Change GTI Sensitivity | Canary Test | Configure a select group of machines with a policy configured to use your target GTI sensitivity, give them a short ASCI, and observe if they experience issues | TRUE/FALSE | |
| ENS-017 | Policy Change - Enable/Change GTI Sensitivity | Test vs Critical Applications - Memory | Confirm you have loaded the policy configured to use your target GTI sensitivity on a Test machine and load a selection of your critical business apps and observe Memory impact, this can be automated with third party tools | TRUE/FALSE | |
| ENS-018 | Policy Change - Enable/Change GTI Sensitivity | Test vs Critical Applications - CPU | Confirm you have loaded the policy configured to use your target GTI sensitivity on a Test machine and load a selection of your critical business apps and observe CPU impact, this can be automated with third party tools | TRUE/FALSE | |
| ENS-019 | Policy Change - Enable/Change GTI Sensitivity | Test vs Critical Applications - Disk I/O | Confirm you have loaded the policy configured to use your target GTI sensitivity on a Test machine and load a selection of your critical business apps and observe Disk I/O impact, this can be automated with third party tools | TRUE/FALSE | |
| ENS-020 | ENS Platform Upgrade | Validate Self-Protection | Attempt to stop services in Windows service manager, successful if you can't do it | TRUE/FALSE | |
| ENS-021 | ENS Platform Upgrade | Validate Policy Enforcement | View ENS local management console and attempt to unlock the interface if needed. Visually confirm policies are applied as expected | TRUE/FALSE | |
| ENS-022 | ENS Platform Upgrade | Validate Event Generation | Trigger a TP, AP, or ExP rule and observe if a threat event is generated | TRUE/FALSE | |
| ENS-023 | ENS Platform Upgrade | Validate Event Transmission to ePO | In Trellix Agent Status Monitor, hit "Send Events" after triggering a threat event and observe if it is sent to ePO | TRUE/FALSE | |
| ENS-024 | ENS Threat Prevention Upgrade | Validate AMCore DAT update manually | Choose "Update Security..." in Trellix Agent tray icon right click menu and observe the results | TRUE/FALSE | |
| ENS-025 | ENS Threat Prevention Upgrade | Validate On Demand Scan functionality | Right click scan a predetermined folder on an upgraded machine and observe the results | TRUE/FALSE | |
| ENS-026 | ENS Threat Prevention Upgrade | Validate On Access Scan functionality | Attempt to save an eicar.txt file with the test string from eicar.org and observe the results | TRUE/FALSE | |
| ENS-027 | ENS Threat Prevention Upgrade | Validate Exploit Prevention Functionality | Use your third party vulnerability management software to attempt a penetration test vs. your Test machine with the latest exploit prevention content with all rules enabled | TRUE/FALSE | |
| ENS-028 | ENS Adaptive Threat Prevention Upgrade | Validate Threat Intelligence Exchange Telemetry | Set a test exe file reputation to known malicious and attempt to execute, observe the results | TRUE/FALSE | |
| ENS-029 | ENS Adaptive Threat Prevention Upgrade | Validate Dynamic Application Containment | Set a test exe file reputation to known malicious and attempt to execute, observe the results | TRUE/FALSE | |
| ENS-030 | ENS Host Firewall Upgrade | Validate local firewall rules match assigned policy in ePO | Visually confirm local and ePO policies match | TRUE/FALSE | |
| ENS-031 | ENS Host Firewall Upgrade | Validate blocked traffic - inbound | Attempt to reach test host from an intentionally blocked IP address | TRUE/FALSE | |
| ENS-032 | ENS Host Firewall Upgrade | Validate blocked traffic - outbound | Attempt to reach an intentionally blocked IP from test host | TRUE/FALSE | |
| ENS-033 | ENS Host Firewall Upgrade | Validate critical Allowed traffic - outbound | Attempt to reach critical locations such as ePO, VPN concentrators, key application servers, other critical network resources from test host | TRUE/FALSE | |
| ENS-034 | ENS Host Firewall Upgrade | Validate critical allowed traffic - inbound | Verify with critical app administrators that they can reach the test host after upgrade | TRUE/FALSE | |
| ENS-035 | ENS Web Control Upgrade | Validate Policy Enforcement | Visually verify local policy matches assigned policy in ePO | TRUE/FALSE | |
| ENS-036 | ENS Web Control Upgrade | Validate browser plugins load | View Edge/Chrome plugins pages to confirm ENS Web Control has loaded | TRUE/FALSE | |
| ENS-037 | ENS Web Control Upgrade | Validate search annotation feature | Perform a Google search and observe the presence of green checks or yellow triangles and red octagons | TRUE/FALSE | |
| ENS-038 | ENS Web Control Upgrade | Validate content category block | Attempt to visit a website with a known blocked category according to your configuration | TRUE/FALSE | |
| ENS-039 | ENS Web Control Upgrade | Validate risky website block | Use risky search terms to attempt to locate a risky website, click on it, and observe the block page | TRUE/FALSE | |
| ENS-040 | ENS Web Control Upgrade | Validate Block List | Attempt to access a website on the explicit block list | TRUE/FALSE | |
| ENS-041 | All ENS upgrades | Canary Test | Configure a select group of machines with a policy configured to receive the N-0 update, and observe if they experience issues | TRUE/FALSE | |
| ENS-042 | All ENS upgrades | Test vs Critical Applications - Memory | Confirm you have loaded the N-0 version on a Test machine and load a selection of your critical business apps and observe Memory impact, this can be automated with third party tools | TRUE/FALSE | |
| ENS-043 | All ENS upgrades | Test vs Critical Applications - CPU | Confirm you have loaded the N-0 version on a Test machine and load a selection of your critical business apps and observe CPU impact, this can be automated with third party tools | TRUE/FALSE | |
| ENS-044 | All ENS upgrades | Test vs Critical Applications - Disk I/O | Confirm you have loaded the N-0 version on a Test machine and load a selection of your critical business apps and observe Disk I/O impact, this can be automated with third party tools | TRUE/FALSE | |
| ENS-045 | All ENS upgrades | EICAR test | Confirm you have loaded the N-0 version on a Test machine and attempt to access the EICAR test file (available eicar.org), success if a threat detection occurs | TRUE/FALSE | |
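
The EICAR checks above (for example ENS-005 and ENS-026) can be scripted on a test machine. The following is an added example, not Trellix code or part of the original post; the file names, the settle window, and the PASS/FAIL/INCONCLUSIVE outcome labels are assumptions.

```python
import os
import sys
import tempfile
import time

# Standard 68-byte EICAR test string from eicar.org, split in two so this
# script is not itself flagged when it is saved to disk.
EICAR = ("X5O!P%@AP[4\\PZX54(P^)7CC)7}$"
         + "EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*").encode("ascii")


def eicar_on_access_check(directory, settle_seconds=10.0, poll=0.5):
    """Return (outcome, reason); outcome is "PASS", "FAIL" or "INCONCLUSIVE"."""
    control = os.path.join(directory, "control_check.txt")  # hypothetical name
    target = os.path.join(directory, "eicar_check.txt")     # hypothetical name

    # Control write: a harmless file must succeed, otherwise a blocked EICAR
    # write could be a plain permissions problem rather than a detection.
    try:
        with open(control, "wb") as fh:
            fh.write(b"benign control file")
        os.remove(control)
    except OSError as exc:
        return "INCONCLUSIVE", f"cannot write to test directory: {type(exc).__name__}"

    try:
        with open(target, "wb") as fh:
            fh.write(EICAR)
    except OSError as exc:
        return "PASS", f"write blocked: {type(exc).__name__}"

    # Poll for the settle window: a scanner may remove or lock the file a
    # moment after the write completes.
    deadline = time.monotonic() + settle_seconds
    while True:
        try:
            with open(target, "rb") as fh:
                content = fh.read()
        except FileNotFoundError:
            return "PASS", "file removed or quarantined"
        except OSError as exc:
            return "PASS", f"read blocked: {type(exc).__name__}"
        if content != EICAR:
            return "PASS", "file content replaced"
        if time.monotonic() >= deadline:
            break
        time.sleep(poll)

    try:
        os.remove(target)  # clean up the undetected test file
    except OSError:
        pass
    return "FAIL", f"file still intact after {settle_seconds:g}s"


if __name__ == "__main__":
    test_dir = sys.argv[1] if len(sys.argv) > 1 else tempfile.gettempdir()
    outcome, reason = eicar_on_access_check(test_dir)
    print(f"EICAR on-access check in {test_dir}: {outcome} ({reason})")
```

The script only observes the local effect on the file; whether a threat event was generated and sent to ePO is still confirmed in the console, as in ENS-022 and ENS-023.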

Endpoint Detection and Response (EDR)

Test Cases for Endpoint Detection and Response (EDR)

| Test ID | Applicable to (type of change)? | Test Name | Description/Procedure | Passed? | Test Date |
|---|---|---|---|---|---|
| EDR-001 | EDR Agent Upgrade | Validate agent version (client) | Verify in Trellix Agent 'About' page | TRUE/FALSE | |
| EDR-002 | EDR Agent Upgrade | Validate agent version (ePO) | Check system record in ePO System tree and verify EDR version | TRUE/FALSE | |
| EDR-003 | EDR Agent Upgrade | Canary Test | Deploy update to selected canary testers and observe the results | TRUE/FALSE | |
| EDR-004 | EDR Agent Upgrade | Check Realtime Update status | Run Real Time Search HostInfo hostname where hostname is your canary tester(s) | TRUE/FALSE | |
| EDR-005 | EDR Agent Upgrade | Check Device Search | Open Device Search and enter hostname of canary tester to validate artifacts are captured | TRUE/FALSE | |
| EDR-006 | EDR Agent Upgrade | EICAR Test | Attempt to write the EICAR file to the disk on your canary tester | TRUE/FALSE | |
| EDR-007 | EDR Agent Upgrade | Quarantine Host | Quarantine a canary tester, validate that the endpoint is quarantined (cannot communicate except to security tools) | TRUE/FALSE | |
| EDR-008 | EDR Agent Upgrade | Un-Quarantine Host | Attempt to unquarantine your quarantined host, successful if they can go to google | TRUE/FALSE | |
| EDR-009 | EDR Agent Upgrade | Test vs Critical Applications - Memory | Designate test hosts with critical apps installed and measure memory usage vs. baseline for 1 hour after deployment, while validating critical app functionality. May be automated. | TRUE/FALSE | |
| EDR-010 | EDR Agent Upgrade | Test vs Critical Applications - CPU | Designate test hosts with critical apps installed and measure CPU usage vs baseline for 1 hour after deployment, while validating critical app functionality. May be automated. | TRUE/FALSE | |
| EDR-011 | EDR Agent Upgrade | Test vs Critical Applications - Disk I/O | Designate test hosts with critical apps installed and measure Disk I/O usage vs baseline for 1 hour after deployment, while validating critical app functionality. May be automated. | TRUE/FALSE | |
| EDR-012 | EDR Content Update | Canary Test | Configure a select group of machines to use the Evaluation Branch to pull their EDR Content updates, give them a short ASCI, and observe if they experience issues | TRUE/FALSE | |
| EDR-013 | EDR Content Update | Test vs Critical Applications - Memory | Confirm you have loaded the latest EDR Content on a Test machine and load a selection of your critical business apps and observe Memory impact, this can be automated with third party tools | TRUE/FALSE | |
| EDR-014 | EDR Content Update | Test vs Critical Applications - CPU | Confirm you have loaded the latest EDR Content on a Test machine and load a selection of your critical business apps and observe CPU impact, this can be automated with third party tools | TRUE/FALSE | |
| EDR-015 | EDR Content Update | Test vs Critical Applications - Disk I/O | Confirm you have loaded the latest EDR Content on a Test machine and load a selection of your critical business apps and observe Disk I/O impact, this can be automated with third party tools | FALSE | |
| EDR-016 | EDR Content Update | EICAR test | Confirm you have loaded the latest EDR Content on a Test machine and attempt to access the EICAR test file (available eicar.org), success if a threat detection occurs | FALSE | |

Trellix Agent

Test Cases for Trellix Agent

| Test ID | Applicable to (type of change)? | Test Name | Description/Procedure | Pass? | Test Date |
|---|---|---|---|---|---|
| TA-01 | Update Product Extension | Validate Running Status | Wait 5 minutes and check that Extensions page for product shows all extensions in "Running" status | TRUE/FALSE | |
| TA-02 | Update Product Extension | Validate Existing Policy | Take screenshots before the update and visually validate that the policies match after the update | TRUE/FALSE | |
| TA-03 | Update Product Extension | Test modifying policy | Duplicate and modify an existing policy, successful if you can save the policy with modifications | TRUE/FALSE | |
| TA-04 | Update Product Extension | Test modifying policy assignment in system tree | Modify the policy assignment for a single system, successful if you can save the policy assignment | TRUE/FALSE | |
| TA-05 | Update Product Extension | Test updated policy application to endpoint system | Observe the Trellix Agent Status Monitor on the system with a modified policy, successful if the new policy is provided | TRUE/FALSE | |
| TA-06 | Update Product Extension | Validate Policy Assignment Status reporting | Observe the System Tree entry for the system with a modified policy, successful if applied policy shows "Up to Date" and shows correct policy name | TRUE/FALSE | |
| TA-07 | Update Product Extension | Validate event collection | Trigger an event on the system with the modified policy and select "Send Events" in Trellix Agent Status monitor, observe if the event shows in the system tree entry for the system | TRUE/FALSE | |
| TA-08 | Update Product Extension | Validate Definitions Update retrieval | Remove the latest update from the Evaluation branch and re-run the daily update task to force a poll of Trellix update servers. Successful if the same or newer version of the content file is placed in the Eval branch | TRUE/FALSE | |
| TA-09 | Update Product Extension | Validate Dashboards still functional | Wait 5 minutes and check each dashboard that includes a query managed by the updated extension, success if none of the queries say "invalid state" or similar | TRUE/FALSE | |
| TA-10 | Update Product Extension | Validate Custom Queries | Wait 5 minutes and check each custom query group, success if none of the queries say "invalid state" or similar | TRUE/FALSE | |
| TA-11 | Update Product Extension | Validate ePO Performance Impact | Wait 5 minutes and observe average system utilization over 1 hour vs baseline (Use your performance counter software) | TRUE/FALSE | |
| TA-12 | Update Product Extension | Validate Database Performance Impact | Wait 5 minutes and observe average system utilization over 1 hour vs baseline (Use your performance counter software) | TRUE/FALSE | |
| TA-13 | New Trellix Agent version | Canary Test | Configure a select group of machines with a policy configured to receive the N-0 update, and observe if they experience issues | TRUE/FALSE | |
| TA-14 | New Trellix Agent version | Validate Product Deployment Task | Attempt to perform a product update of a 2nd package via a client task and observe the result | TRUE/FALSE | |
| TA-15 | New Trellix Agent version | Validate Manual Update communication | Select "Update Now" or "Update Security" and observe the communication | TRUE/FALSE | |
| TA-16 | New Trellix Agent version | Validate Msg Bus | On a managed system, observe EndpointSecurityPlatform_Errors.log C:\ProgramData\McAfee\Endpoint Security\Logs | TRUE/FALSE | |
| TA-17 | New Trellix Agent version | Validate Msg Bus | MessageBus Version check via ePO: System Tree > Select system > Trellix Agent Tab > Click "More" > Observe value of "MessageBus Cert Version." | TRUE/FALSE | |
| TA-18 | New Trellix Agent version | Validate DXL connection | Select a machine in system tree and perform actions menu "Look up in DXL" and observe the results | TRUE/FALSE | |
| TA-19 | New Trellix Agent version | Validate Trellix Agent Policy assignment | In System tree, view machine record and verify Trellix Agent policy settings "Up to date" | TRUE/FALSE | |

ePolicy Orchestrator

Test Cases for ePolicy Orchestrator

| Test ID | Applicable to (type of change)? | Test Name | Description/Procedure | Pass? | Test Date |
|---|---|---|---|---|---|
| ePO-1 | Update Product Extension | Validate Running Status | Wait 5 minutes and check that Extensions page for product shows all extensions in "Running" status | TRUE/FALSE | |
| ePO-2 | Update Product Extension | Validate Existing Policy | Take screenshots before the update and visually validate that the policies match after the update | TRUE/FALSE | |
| ePO-3 | Update Product Extension | Test modifying policy | Duplicate and modify an existing policy, successful if you can save the policy with modifications | TRUE/FALSE | |
| ePO-4 | Update Product Extension | Test modifying policy assignment in system tree | Modify the policy assignment for a single system, successful if you can save the policy assignment | TRUE/FALSE | |
| ePO-5 | Update Product Extension | Test updated policy application to endpoint system | Observe the Trellix Agent Status Monitor on the system with a modified policy, successful if the new policy is provided | TRUE/FALSE | |
| ePO-6 | Update Product Extension | Validate Policy Assignment Status reporting | Observe the System Tree entry for the system with a modified policy, successful if applied policy shows "Up to Date" and shows correct policy name | TRUE/FALSE | |
| ePO-7 | Update Product Extension | Validate event collection | Trigger an event on the system with the modified policy and select "Send Events" in Trellix Agent Status monitor, observe if the event shows in the system tree entry for the system | TRUE/FALSE | |
| ePO-8 | Update Product Extension | Validate Definitions Update retrieval | Remove the latest update from the Evaluation branch and re-run the daily update task to force a poll of Trellix update servers. Successful if the same or newer version of the content file is placed in the Eval branch | TRUE/FALSE | |
| ePO-9 | Update Product Extension | Validate Dashboards still functional | Wait 5 minutes and check each dashboard that includes a query managed by the updated extension, success if none of the queries say "invalid state" or similar | TRUE/FALSE | |
| ePO-10 | Update Product Extension | Validate Custom Queries | Wait 5 minutes and check each custom query group, success if none of the queries say "invalid state" or similar | TRUE/FALSE | |
| ePO-11 | Update Product Extension | Validate ePO Performance Impact | Wait 5 minutes and observe average system utilization over 1 hour vs. baseline (Use your performance counter software) | TRUE/FALSE | |
| ePO-12 | Update Product Extension | Validate Database Performance Impact | Wait 5 minutes and observe average system utilization over 1 hour vs. baseline (Use your performance counter software) | TRUE/FALSE | |
| ePO-13 | Add Package to Main Repo | Validate Branch Placement | Visually confirm that the package was placed in the correct branch (Evaluation, Current, or Previous) | TRUE/FALSE | |
| ePO-14 | Add Package to Main Repo | Test Replication | Perform Replication, then validate by checking packages are up to date in each repository | TRUE/FALSE | |
| ePO-15 | Add Package to Main Repo | Validate existing client tasks | Check existing client tasks that reference older versions of the package to ensure they are not left in a broken state | TRUE/FALSE | |
| ePO-16 | Add Package to Main Repo | Test Deployment | Create a client task using the package, then command an early tester to run it. Observe on the endpoint if it is able to download and install | TRUE/FALSE | |

Endpoint Security xAgent (HX)

Test Cases for Endpoint Security xAgent (HX)

| Test ID | Applicable to (type of change)? | Test Name | Description/Procedure | Pass? | Test Date |
|---|---|---|---|---|---|
| TEFx-001 | Appliance Operating System Update | Validate new system version | Ensure the system restores post reboot, log in to webUI, use terminal cmd "Show Version" | TRUE/FALSE | |
| TEFx-002 | Appliance Operating System Update | Validate xAgent Communication | Check Host Management tab for check-in status "Online" | TRUE/FALSE | |
| TEFx-003 | Appliance Operating System Update | Validate xAgent Acquisitions | Attempt to perform an agent diagnostics acquisition, validate that the diagnostics look normal | TRUE/FALSE | |
| TEFx-004 | Appliance Operating System Update | Validate running appliance processes | SSH into the device and run “show pm process” and verify status | TRUE/FALSE | |
| TEFx-005 | Appliance Operating System Update | Validate Host Sets | Visually confirm your host sets are still present and configured as expected | TRUE/FALSE | |
| TEFx-006 | Appliance Operating System Update | Validate Policy settings | Visually confirm your policies are still present and configured as expected, take screenshots prior to update | TRUE/FALSE | |
| TEFx-007 | Upgrade of Agent Version | Validate new xAgent version available | Validate agent version in Endpoint Forensics Console. Ensure the host shows online in host management | TRUE/FALSE | |
| TEFx-008 | Upgrade of Agent Version | Canary Test | Create host group set to use N-0 xAgent version and observe if they experience issues | TRUE/FALSE | |
| TEFx-009 | Upgrade of Agent Version | Validate xAgent Install | Check the version in Properties -> Details on C:\ProgramData\FireEye\Drivers\wfp_x64\fekern.sys, should match the major version of xAgent | TRUE/FALSE | |
| TEFx-010 | Upgrade of Agent Version | Validate xAgent Online Status | Check in the Host Management tab | TRUE/FALSE | |
| TEFx-011 | Upgrade of Agent Version | Validate xAgent Content Versions | Check in the Host Management tab | TRUE/FALSE | |
| TEFx-012 | Upgrade of Agent Version | Validate xAgent Acquisitions | Attempt to perform an agent diagnostics acquisition, validate that the diagnostics look normal | TRUE/FALSE | |
| TEFx-013 | Upgrade of Agent Version | Test Exploit Guard | Run EG Samples on host endpoint, wait for alert to trigger in Endpoint Forensics Console | TRUE/FALSE | |
| TEFx-014 | Upgrade of Agent Version | Test Malware Protection | Download an EICAR file, wait for alert to trigger in Endpoint Forensics Console | TRUE/FALSE | |
| TEFx-015 | Upgrade of Agent Version | Test Real-Time IOC Detection | Create a file with test conditions matching IOC rules for specific Operating Systems (windows is running feqatest.exe, for example) | TRUE/FALSE | |
| TEFx-016 | Upgrade of Agent Version | Test Module usage | Once the module is installed, you will need to enable it and validate specific functionality on the endpoint (each module is unique) | TRUE/FALSE | |
| TEFx-017 | Upgrade of Agent Version | Test vs Critical Applications - Memory | Designate test hosts with critical apps installed and measure memory usage vs baseline for 1 hour after deployment, while validating critical app functionality. May be automated. | TRUE/FALSE | |
| TEFx-018 | Upgrade of Agent Version | Test vs Critical Applications - CPU | Designate test hosts with critical apps installed and measure CPU usage vs baseline for 1 hour after deployment, while validating critical app functionality. May be automated. | TRUE/FALSE | |
| TEFx-019 | Upgrade of Agent Version | Test vs Critical Applications - Disk I/O | Designate test hosts with critical apps installed and measure Disk I/O usage vs baseline for 1 hour after deployment, while validating critical app functionality. May be automated. | TRUE/FALSE | |
| TEFx-020 | Daily Security Content Updates | Canary Test | Create host group set to use N-0 content update version and observe if they experience issues | TRUE/FALSE | |
| TEFx-021 | Daily Security Content Updates | Validate Content Update Deployment | Check Host Management tab for content version updated to N-0 version number | TRUE/FALSE | |
| TEFx-022 | Daily Security Content Updates | Test Malware Protection | Download an EICAR file, wait for alert to trigger in Endpoint Forensics Console | TRUE/FALSE | |
| TEFx-023 | Daily Security Content Updates | Test Real-Time IOC Detection | Create a file with test conditions matching IOC rules for specific Operating Systems (windows is running feqatest.exe, for example) | TRUE/FALSE | |
| TEFx-024 | Daily Security Content Updates | Test vs Critical Applications - Memory | Designate test hosts with critical apps installed and measure memory usage vs baseline for 1 hour after deployment, while validating critical app functionality. May be automated. | TRUE/FALSE | |
| TEFx-025 | Daily Security Content Updates | Test vs Critical Applications - CPU | Designate test hosts with critical apps installed and measure CPU usage vs baseline for 1 hour after deployment, while validating critical app functionality. May be automated. | TRUE/FALSE | |
| TEFx-026 | Daily Security Content Updates | Test vs Critical Applications - Disk I/O | Designate test hosts with critical apps installed and measure Disk I/O usage vs baseline for 1 hour after deployment, while validating critical app functionality. May be automated. | TRUE/FALSE | |

Conclusion

While incidents like the July 19, 2024 CrowdStrike outage are disruptive, Trellix offers customers Transparency, Choice, and Responsibility in our software and content update processes. This enables customers to exercise due diligence and consistent testing in their environments, which can dramatically limit impacts and reduce the risks to your organization. If your organization needs help putting in that effort, consider Trellix Professional Services. We offer various strategic and technical services that can help your team test, automate, operate, and govern your cyber defenses. Contact your Trellix account manager, or if you haven’t got one yet, let us know you’re interested. Tell them you want fully tested software and security content updates to get the ball rolling!

Continue reading the series: Part 1 (Intro), Part 2 (Product Features ePO, EDR, and ENS), Part 3 (Product Features Endpoint Forensics), and Part 4 (Testing Procedures for ePO, EDR, ENS, and HX).

Make sure you read this disclaimer after all that recommendations goodness:

This document and the information contained herein describe computer security research for educational purposes only and for the convenience of Trellix customers.
This document may contain information on Trellix products, services, and/or processes in development. All information provided here is subject to change without notice at Trellix’s sole discretion. Contact your Trellix representative for the latest forecast, schedule, specifications, and roadmaps.
